US10305932B2 - System and method for detecting false data injection in electrical substations - Google Patents

System and method for detecting false data injection in electrical substations Download PDF

Info

Publication number
US10305932B2
US10305932B2 US15/386,339 US201615386339A US10305932B2 US 10305932 B2 US10305932 B2 US 10305932B2 US 201615386339 A US201615386339 A US 201615386339A US 10305932 B2 US10305932 B2 US 10305932B2
Authority
US
United States
Prior art keywords
measurement
input
pmu
sspdc
phasor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US15/386,339
Other versions
US20180176249A1 (en
Inventor
Junho HONG
Reynaldo Nuqui
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Energy Ltd
Original Assignee
ABB Inc USA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ABB Inc USA filed Critical ABB Inc USA
Assigned to ABB INC. reassignment ABB INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HONG, JUNHO, NUQUI, REYNALDO
Priority to US15/386,339 priority Critical patent/US10305932B2/en
Assigned to UNITED STATES DEPARTMENT OF ENERGY reassignment UNITED STATES DEPARTMENT OF ENERGY CONFIRMATORY LICENSE (SEE DOCUMENT FOR DETAILS). Assignors: ABB, INC.
Priority to PCT/US2017/067950 priority patent/WO2018119265A1/en
Priority to CN201780087008.8A priority patent/CN110337626B/en
Priority to EP22166965.8A priority patent/EP4047444B1/en
Priority to EP17883049.3A priority patent/EP3559776B1/en
Publication of US20180176249A1 publication Critical patent/US20180176249A1/en
Publication of US10305932B2 publication Critical patent/US10305932B2/en
Application granted granted Critical
Assigned to ABB POWER GRIDS SWITZERLAND AG reassignment ABB POWER GRIDS SWITZERLAND AG ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ABB INC.
Assigned to HITACHI ENERGY SWITZERLAND AG reassignment HITACHI ENERGY SWITZERLAND AG CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: ABB POWER GRIDS SWITZERLAND AG
Assigned to HITACHI ENERGY LTD reassignment HITACHI ENERGY LTD MERGER (SEE DOCUMENT FOR DETAILS). Assignors: HITACHI ENERGY SWITZERLAND AG
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R25/00Arrangements for measuring phase angle between a voltage and a current or between voltages or currents
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R35/00Testing or calibrating of apparatus covered by the other groups of this subclass
    • G01R35/005Calibrating; Standards or reference devices, e.g. voltage or resistance standards, "golden" references
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00Testing or monitoring of control systems or parts thereof
    • G05B23/02Electric testing or monitoring
    • G05B23/0205Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0259Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
    • G05B23/0286Modifications to the monitored process, e.g. stopping operation or adapting control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R19/00Arrangements for measuring currents or voltages or for indicating presence or sign thereof
    • G01R19/25Arrangements for measuring currents or voltages or for indicating presence or sign thereof using digital measurement techniques
    • G01R19/2513Arrangements for monitoring electric power systems, e.g. power lines or loads; Logging
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02EREDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E40/00Technologies for an efficient electrical power generation, transmission or distribution
    • Y02E40/70Smart grids as climate change mitigation technology in the energy generation sector
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02EREDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E60/00Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00Systems supporting electrical power generation, transmission or distribution
    • Y04S10/22Flexible AC transmission systems [FACTS] or power factor or reactive power compensating or correcting units
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Definitions

  • the present disclosure relates generally to false data detection in electrical substations using a local substation phasor data concentrator (ssPDC).
  • Measurement data collected within a substation is transmitted to a local ssPDC before being transmitted to a centralized data processor, such as a supervisory control and data acquisition system (SCADA) or a control center level phasor data concentrator system.
  • SCADA supervisory control and data acquisition system
  • the measurement data is transmitted by way of wireless and wired communication channels.
  • a cyber intruder injecting false data into a wireless or wired communication channel of an electrical substation, could disrupt the operation of the centralized data processor, driving the utility grid into an emergency operating state.
  • Existing false data detection systems suffer from a number of shortcomings and disadvantages. There remain unmet needs including reduced substation downtime following a cyberattack. For instance, an electrical substation may respond to a cyberattack detection by ceasing operating until a technician determines the extent of the cyberattack. There is a significant need for the unique apparatuses,
  • Exemplary embodiments include unique systems, methods, techniques and apparatuses for detecting and removing false data in electrical substation data collection systems. Further embodiments, forms, objects, features, advantages, aspects and benefits of the disclosure shall become apparent from the following description and drawings.
  • FIGS. 1 and 2 illustrate exemplary electrical substation data collection systems.
  • FIG. 3 is a schematic block diagram illustrating an exemplary substation phasor data concentrator.
  • FIG. 4 is a flowchart illustrating an exemplary process for detecting and replacing false data.
  • substation 110 may be a transmission substation, a distribution substation, a converter substation, and collection substation, or a switching substation, to name but a few examples.
  • Substation 110 includes a substation phasor data concentrator (ssPDC) 131 structured to receive data from other devices of substation 110 by way of wireless or wired communication channels, verify the accuracy of the received data, eliminate and replace inaccurate data, and transmit accurate data to another device, such as a supervisory control and data acquisition system (SCADA) or a central phasor data concentrator structured to receive data from a plurality of electrical substations.
  • ssPDC substation phasor data concentrator
  • SCADA supervisory control and data acquisition system
  • SCADA supervisory control and data acquisition system
  • central phasor data concentrator structured to receive data from a plurality of electrical substations.
  • substation 110 includes an electrical power line 103 structured to transmit electric power having electrical characteristics including voltage and current. Substation 110 may also include additional electrical power lines such that substation 110 receives and transmits multiphase power, each power line having distinct electrical characteristics.
  • Substation 110 includes a circuit breaker 105 , a current transformer 107 , and a voltage transformer, each operatively coupled to power line 103 . Where substation 110 is structured to receive and transmit multiphase power, a circuit breaker, current transformer, and a voltage transformer may be operatively coupled to each additional power line.
  • Circuit breaker 105 is structured to selectively disrupt the flow of electrical current in line 103 in response to detecting a fault condition. When circuit breaker 105 is closed, electrical current can flow through power line 103 . When circuit breaker 105 is open, electrical current cannot flow through power line 103 . Circuit breaker 105 is configured to output the open/closed status of breaker 105 .
  • Current transformer 107 is structured to receive power from line 103 , step down the current of the received power, and output the power with the stepped down current.
  • the output of current transformer 107 may be power with a current within a range of 0 A to 5 A.
  • Voltage transformer 109 is structured to receive power from line 103 , step down the voltage of the received power, and output the power with the stepped down voltage.
  • the output of voltage transformer 109 may be power with a voltage within a range of 0 V to 120 V.
  • Substation 110 includes a plurality of devices structured to receive a set of information 111 from circuit breaker 105 , current transformer 107 , and voltage transformer 109 .
  • Information 111 includes data corresponding to electrical characteristics of the power received and transmitted with line 103 , such as current, voltage, and circuit breaker status.
  • information 111 a is data related to circuit breaker status
  • information 111 b is current transformer output
  • information 111 c is voltage transformer output.
  • substation 110 includes protective relay 117 , a phasor measurement unit (PMU) 119 , and a merging unit 121 , each coupled to and structured to receive information 111 from circuit breaker 105 , current transformer 107 , and voltage transformer 109 .
  • substation 110 includes additional or fewer devices structured to receive information 111 or portion of information 111 .
  • System 100 includes an external synchronization unit 139 configured to communicate with substation 110 by way of a time synchronization communication channel 141 .
  • Unit 139 is structured to transmit synchronization data using channel 141 .
  • unit 139 is a global positioning system.
  • unit 139 is configured to operate according to Inter Range Instrumentation Group (IRIG) time code formats, such as one pulse per second (1PPS), or the IEEE 1588 protocol.
  • IRIG Inter Range Instrumentation Group
  • relay 117 is configured to determine whether a fault condition exists, requiring relay 117 to open in order to protect devices of substation 110 .
  • Relay operational data such as the open/close status of relay 117 , may be transmitted to ssPDC 131 by way of a relay communication channel 133 .
  • relay 117 receives synchronization data from synchronization unit 139 .
  • Relay 117 may transmit relay operational data using a standardized communication protocol, such as Distributed Network Protocol (DNP) or Manufacturing Message Specification (MMS). It shall be appreciated that any or all of the foregoing features of relay 117 may also be present in the other relays disclosed herein.
  • DNP Distributed Network Protocol
  • MMS Manufacturing Message Specification
  • PMU 119 is structured to receive information 111 and generate phasor data using information 111 .
  • the phasor data represents electrical characteristics of power line 103 as phasors at a time instant.
  • phasor data may include a vector representation of voltage and current at a fundamental frequency, such as 50 Hz or 60 Hz.
  • PMU 119 receives synchronization data from synchronization unit 139 .
  • PMU 119 transmits the synchronized phasor data to ssPDC 131 by way of a PMU communication channel 134 using a communication protocol, such as C37.118. It shall be appreciated that any or all of the foregoing features of PMU 119 may also be present in the other PMUs disclosed herein.
  • PMU 119 may be one of several types of electrical substation devices that are structured to measure voltages and currents of a power grid and output time-stamped voltage and current phasors.
  • PMU 119 can be structured as a dedicated device or can be incorporated into a protective relay or other substation device.
  • PMU 119 may be operatively coupled to receive input from a current transformer and to provide a current phasor as an output based upon the received input and/or operatively coupled to receive input from a voltage transformer and to provide a voltage phasor as an output based upon the received input.
  • the PMU may also output phasors in phase quantities and sequence quantities.
  • positive sequence voltage and/or current phasors are calculated using the phase voltage and current phase quantities, respectively.
  • the PMU may also output the frequency and rate of change of frequency. Connections between the PMU 119 and the voltage transformer and/or current transformer may correspond to the number of current phases or voltage phases being measured, for example, a three-phase voltage or a three-phase current may utilize three separate electrical connections to a voltage transformer or a current transformer, respectively.
  • Merging unit 121 is structured to receive information 111 , generate merging unit data using information 111 , and output merging unit data.
  • Merging unit data may be generated by sampling the real-time outputs of voltage transformer 109 and current transformer 107 , receiving time synchronization data from synchronization unit 139 , and combining the synchronization data and the sampled values, also known as sampled measured values or IEC 61850-9-2 values, into a data set.
  • the merging unit data may be mapped to a sampled value (SV) protocol such as IEC 61850-9-2.
  • merging unit 121 transmits SV data to PMU 127 and relay 129 by way of merging unit communication channel 125 .
  • Merging unit data may also be generated by mapping received circuit breaker status information to IEC 61850-8-1 Generic Object Oriented Substation Event (GOOSE) protocol.
  • merging unit 121 transmits GOOSE data to relay 129 .
  • merging unit 121 uses the merging unit data set to generate synchrophasor data and transmits the synchrophasor data to ssPDC 131 using IEC 61850-5 communication protocol.
  • Merging unit 121 may be one of several types of electrical substation devices that are structured to measure voltages and currents within an electrical substation and output time-stamped voltage and current measurements, such as phasors or sampled values. Merging unit may send sampled values to multiple devices, including relays and PMUs. In certain embodiments, relays and PMUs may receive sampled values from merging unit 121 instead of receiving a signal from current transformer 107 and voltage transformer 109 . In various forms, merging unit 121 can be structured as a dedicated device or can be incorporated into an intelligent electronic device or another substation device.
  • merging unit 121 may be operatively coupled to receive input from a current transformer and to provide a sampled current value as an output based upon the received input and/or operatively coupled to receive input from a voltage transformer and to provide a sampled voltage value as an output based upon the received input. Connections between the merging unit 121 and the voltage transformer and/or current transformer may correspond to the number of current phases or voltage phases being measured, for example, a three-phase voltage or a three-phase current may utilized three separate electrical connections to three voltage transformers or three current transformers, respectively.
  • Merging unit 121 may transmit synchophasors directly to ssPDC 131 or may transmit sampled values to other devices in the electrical substation for processing. Merging unit 121 can receive the GOOSE trip signal, such as a circuit breaker open/close command message from a relay, and then send the open/close trip signal to an operatively coupled circuit breaker.
  • PMU 127 is structured to receive SV data from merging unit 121 , receive time synchronization data from synchronization unit 139 , calculate phasor data using the SV data and time synchronization data, and output the phasor data to ssPDC 131 by way of communication channel 135 .
  • Relay 129 is structured to receive the SV data and GOOSE data from merging unit 121 and output relay measurements and operational data to ssPDC 131 .
  • ssPDC 131 is configured to detect false data received by ssPDC 131 using local state estimation. For example, false data may be injected by a cyber intruder. As explained in more detail below, when ssPDC 131 detects false data regarding a circuit breaker status, the false data is removed and replaced with calculated circuit breaker status data. When ssPDC 131 detects false phasor data, ssPDC 131 eliminates the false data and replaces the eliminated false data with data from an uncorrupted data source.
  • ssPDC 131 may also transmit an alarm indicating false data has been detected.
  • the alarm may include a message transmitted to an external device such as a SCADA system.
  • a blocking command may be sent to a local circuit breaker configured to control the circuit breaker so as to ignore trip commands until a technician addresses the cyberattack.
  • ssPDC 131 may be one of several types of electrical substation devices that are structured to collect local substation measurements and transmit the collected measurements to an external device, such as a system operator, a SCADA system, a regional coordinating council, or a centralized data concentrator.
  • ssPDC 131 can be structured as a dedicated device or can be incorporated into an intelligent electronic device or other substation device.
  • ssPDC 131 includes a server structured to store historical phasor measurements. Before transmitting the collected substation measurements to another device, such as a centralized phasor data concentrator, ssPDC 131 may evaluate the measurements for accuracy.
  • Substation 210 includes an electric power line 203 coupled to a bus bar 201 .
  • Substation 210 further includes a circuit breaker 205 , and current transformer 207 , and a voltage transformer 209 , each operatively coupled to power line 203 .
  • Substation 210 includes a PMU 215 , a merging unit 217 , a relay 219 , and an ssPDC 231 .
  • System 200 includes a synchronization unit 233 configured to transmit synchronization data to PMU 215 , relay 219 , and merging unit 217 by way of a time synchronization communication channel 235 .
  • a set of information 211 including circuit breaker 205 status, and outputs from current transformer 207 and voltage transformer 209 are transmitted to PMU 215 and merging unit 217 .
  • PMU 215 is configured to generate synchronized phasor data and circuit breaker status data using information 211 , and output the generated data to ssPDC 231 by way of PMU communication channel 227 .
  • Merging unit 217 is configured to output SV and GOOSE data to relay 219 using merging unit communication channels 221 and 223 , respectively. Merging unit 217 is also configured to generate synchrophasor data using information 211 and output synchrophasor data to ssPDC 231 by way of communication channel 225 using communication protocol IEC 61850-90-5.
  • Relay 219 is configured to receive SV and GOOSE data from merging unit 217 . Using the received data, relay 219 determines whether a fault condition is occurring within substation 210 , and transmits operation data to ssPDC 231 by way of communication channel 229 . It shall be appreciated that any or all of the foregoing features of system 200 may also be present in the other electrical substation data collection systems disclosed herein.
  • System 300 includes a local state estimation module 320 structured to receive a plurality of inputs 310 .
  • the plurality of inputs 310 include phasor data derived from sampled value data 311 , PMU data 313 , relay operational data 315 , and circuit breaker status data 317 .
  • State estimation module 320 is structured to estimate the electrical characteristics of a substation, such as substation 110 and substation 120 .
  • Module 320 outputs the estimated state to a plurality of analysis modules 330 .
  • Module 331 analyzes the output of the state estimation module, to determine whether false data was received with the ssPDC.
  • mitigation module 341 is configured to eliminate the data and replace the removed data with measurements from another substation device.
  • Module 341 repeats the state estimation of module 320 until all the false data is successfully removed.
  • module 333 identifies filtered measurements of module 320 .
  • Module 343 transmits the filtered measurements to external applications, such as a SCADA system or central PDC.
  • process 400 for identifying and responding to false sampled value measurements, phasor data, or circuit breaker status data received with a substation phasor data concentrator, such as ssPDC 131 of FIG. 1 .
  • a substation phasor data concentrator such as ssPDC 131 of FIG. 1 .
  • process 400 is made with reference to electrical substation data collection system 100 illustrated in FIG. 1 . It is to be understood, however, that process 400 may be used in combination with other forms of electrical substation data collection systems, such as those described above with reference to FIG. 2 .
  • Process 400 begins at start operation 401 where a cyber intruder has already injected false data into data collection system 100 .
  • Process 400 proceeds to operation 403 where ssPDC 131 receives circuit breaker status data, relay operational data, and real-time phasor data calculated using phasor data from PMU 119 and phasor data from PMU 127 derived from SV data generated with merging unit 121 .
  • Process 400 proceeds to operation 405 where ssPDC 131 stores the received data.
  • Process 400 then proceeds to operation 407 where ssPDC 131 evaluates the stored data in order to estimate circuit breaker 105 status.
  • Process 400 proceeds to conditional 409 where the estimated circuit breaker status is compared to the received circuit breaker status data. If ssPDC 131 detects bad data, process 400 proceeds to operation 411 where the false circuit breaker data is removed from the memory of ssPDC 131 . Process 400 then proceeds to operation 407 where circuit breaker status is estimated again. Process 400 then returns to conditional 409 .
  • process 400 proceeds to operation 415 where ssPDC 131 performs observability analysis to confirm enough data has been received with ssPDC 131 to proceed with state estimation.
  • observability of the system can be calculated using node incidence matrix H.
  • the network is observable if and only if h has full rank, where h is obtained from H by deleting any column.
  • the system is observable if all the nodal voltages are either measured or can be calculated from the measured ones using a spanning tree of the power system graph.
  • Process 400 then proceeds to operation 417 where ssPDC 131 performs local state estimation. Pseudo measurements may be calculated using local measurements.
  • a pseudo measurement for a current and voltage measurement in a neighboring substation may be calculated using local current and voltage measurements, as well as line parameter data for the line connecting the local substation to the neighboring substation.
  • all data input at operation 403 is synchronized and linear state estimation will be used to analyze the PMU and SV data.
  • nonlinear state estimation will be used to analyze the PMU and SV data.
  • Process 400 proceeds to operation 419 where ssPDC 131 evaluates the stored data. False data may be detected using an algorithm such as Chi-square distribution, normalized residuals, or hypothesis testing identification, to name but a few examples. Process 400 proceeds to conditional 421 . If false data is detected, process 400 proceeds to operation 423 where false data is removed from memory in ssPDC and replaced with another data set. For example, false data detected in PMU data will be replaced with SV data. Process proceeds to operation 417 . If false data is not detected, process 400 proceeds to operation 425 where ssPDC 121 has finished analyzing the received data and confirms all false data has been removed. The filtered data can then be transmitted to a central phasor data concentrator or another external device. Process 400 proceeds to end operation 427 .
  • ssPDC 131 evaluates the stored data. False data may be detected using an algorithm such as Chi-square distribution, normalized residuals, or hypothesis testing identification, to name but a few examples. Process 400 proceeds to conditional
  • process 400 includes, for example, the omission of one or more aspects of process 400 , or the addition of further conditionals and operations and/or the reorganization or separation of operations and conditionals into separate processes.
  • One embodiment is a method for detecting and compensating for a false data injection cyber-attack on an electrical substation including a merging unit (MU), a phasor measurement unit (PMU), and a substation phasor data concentrator (ssPDC), the method comprising operating the PMU to receive input from at least one of a current transformer of the electrical substation, a voltage transformer of the electrical substation and a circuit breaker of the electrical substation and to provide a PMU measurement output based upon the received input, the PMU measurement output including one of a PMU current phasor, a PMU voltage phasor, and a PMU circuit breaker status indication; operating the MU to receive input from the at least one of the current transformer of the electrical substation, the voltage transformer of the electrical substation and the circuit breaker of the electrical substation and to provide an MU measurement output based upon the received input, the MU measurement output including one of an MU current phasor,
  • the ssPDC receives the MU measurement by way of communication protocol IEC 61850-90-5.
  • the electrical substation includes a circuit breaker and the set of electrical characteristics includes a circuit breaker status.
  • the false data includes an inaccurate circuit breaker status and replacing the false data includes replacing the inaccurate circuit breaker status using the received PMU measurement or MU measurement.
  • the method comprises transmitting, with the ssPDC, an alarm in response to determining that one of the stored first input and the stored second input comprises false data.
  • state estimation includes one of Chi-square distribution, normalized residuals, and hypothesis testing identification.
  • determining, with the ssPDC, that one of the stored first input and the stored second input comprises false data includes using historical MU measurements or PMU measurements.
  • a substation phasor data concentrator for an electrical substation comprising a phasor measurement unit (PMU) input structured to receive a PMU measurement from a PMU, the PMU measurement including a circuit breaker status and a phasor corresponding to a set of substation electrical characteristics; a merging unit (MU) input structured to receive an MU measurement from an MU including a phasor corresponding to the set of substation electrical characteristics; a non-transitory memory device structured to store the PMU measurement, the MU measurement, and a set of instructions; and a processing device structured to execute the set of instructions stored with the memory device configured to receive with the MU input a first measurement indicated as the MU measurement and; receive with the PMU input a second measurement indicated as the PMU measurement; estimate a circuit breaker status using the first and second measurement; determine the estimated circuit breaker status does not correspond to the circuit breaker status of the PMU measurement; replace the circuit breaker status of the PMU measurement with
  • PMU phasor measurement unit
  • the set of electrical characteristics include voltage and current.
  • the PMU measurement and the MU measurement are time synchronized.
  • the MU input receives the MU measurement by way of a phasor measurement unit structured to receive data from the merging unit, convert the data into a phasor measurement, and transmit the phasor measurement to the MU input.
  • the MU input receives the MU measurement and the PMU input receives the PMU measurement by way of a wireless communication channel.
  • the ssPDC comprises a protective relay input structured to receive a circuit breaker status from a protective relay.
  • the processing device repeatedly estimates the set of substation electrical characteristics using the data received from the PMU input and the MU input until the processing device determines the first measurement and second measurement do not include a false measurement.
  • the MU measurement is received with the ssPDC by way of an IEC 61850-90-5 communication protocol or an IEC 61850-9-2 communication protocol, and the PMU measurement is received with the ssPDC by way of a C37.118 communication protocol.
  • a further exemplary embodiment is a method for detecting and eliminating false data collected within an electrical substation including a first measurement unit, a second measurement unit, and a substation phasor data concentrator (ssPDC), comprising receiving, with the first measurement unit, a set of line information from a current transformer and a voltage transformer corresponding electrical characteristics of the electrical substation; generating, with the first measurement unit, a first phasor measurement using the set of line information; receiving, with the second measurement unit, the set of line information from the current transformer and the voltage transformer; generating, with the second measurement unit, a set of sampled values; converting the set of sampled values into a second phasor measurement; receiving, with the ssPDC, one of the first phasor measurement and the second phasor measurement; receiving, with the ssPDC, a set of false data which does not correspond to electrical characteristics of the electrical substation; determining, with the ssPDC, the set of false data does not correspond to the electrical characteristics of the electrical sub
  • the set of false data and electrical characteristics include the status of a circuit breaker and determining the set of false data does not correspond to electrical characteristics of the electrical substation using local state estimation includes estimating the status of the circuit breaker and comparing the estimated status with the set of false data.
  • the set of sampled values are IEC 61850-9-2 sampled values.
  • the sampled values are transmitted to one of a protective relay and a phasor measurement unit, converted to the second phasor measurement, and transmitted to the ssPDC.
  • the second phasor measurement is transmitted to the ssPDC by way of an C37.118 communication protocol, a manufacturing message specification communication protocol, or a distributed network protocol.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

Unique systems, methods, techniques and apparatuses of a substation phasor data concentrator (ssPDC) is disclosed herein. One exemplary embodiment is a method for operating an electrical substation including a merging unit (MU), a phasor measurement unit (PMU), and a substation phasor data concentrator (ssPDC). The method includes receiving, with the MU and the PMU, input information corresponding to a set of electrical characteristics of the electrical substation; measuring, with the MU, the input information; measuring, with the PMU, the input information; a and estimating, with the ssPDC, electrical characteristics of the electrical substation using the received false measurement and the one of the MU measurement and the PMU measurement, determining in substantially real time the false measurement does not correspond to the set of electrical characteristics using the estimated electric characteristics, and replacing the false measurement with the received the one of the MU measurement and the PMU measurement.

Description

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
This invention was made with U.S. Government support under Contract No. DE-OE0000674 awarded by the Department of Energy. The Government has certain rights in this invention.
BACKGROUND
The present disclosure relates generally to false data detection in electrical substations using a local substation phasor data concentrator (ssPDC). Measurement data collected within a substation is transmitted to a local ssPDC before being transmitted to a centralized data processor, such as a supervisory control and data acquisition system (SCADA) or a control center level phasor data concentrator system. The measurement data is transmitted by way of wireless and wired communication channels. A cyber intruder, injecting false data into a wireless or wired communication channel of an electrical substation, could disrupt the operation of the centralized data processor, driving the utility grid into an emergency operating state. Existing false data detection systems suffer from a number of shortcomings and disadvantages. There remain unmet needs including reduced substation downtime following a cyberattack. For instance, an electrical substation may respond to a cyberattack detection by ceasing operating until a technician determines the extent of the cyberattack. There is a significant need for the unique apparatuses, methods, systems and techniques disclosed herein.
DISCLOSURE OF ILLUSTRATIVE EMBODIMENTS
For the purposes of clearly, concisely and exactly describing non-limiting exemplary embodiments of the disclosure, the manner and process of making and using the same, and to enable the practice, making and use of the same, reference will now be made to certain exemplary embodiments, including those illustrated in the figures, and specific language will be used to describe the same. It shall nevertheless be understood that no limitation of the scope of the present disclosure is thereby created, and that the present disclosure includes and protects such alterations, modifications, and further applications of the exemplary embodiments as would occur to one skilled in the art with the benefit of the present disclosure.
SUMMARY
Exemplary embodiments include unique systems, methods, techniques and apparatuses for detecting and removing false data in electrical substation data collection systems. Further embodiments, forms, objects, features, advantages, aspects and benefits of the disclosure shall become apparent from the following description and drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIGS. 1 and 2 illustrate exemplary electrical substation data collection systems.
FIG. 3 is a schematic block diagram illustrating an exemplary substation phasor data concentrator.
FIG. 4 is a flowchart illustrating an exemplary process for detecting and replacing false data.
 DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
With reference to FIG. 1 there is illustrated an exemplary electrical substation data collection system 100 including an electrical substation 110 operatively coupled to a utility grid. It shall be appreciated that substation 110 may be a transmission substation, a distribution substation, a converter substation, and collection substation, or a switching substation, to name but a few examples.
Substation 110 includes a substation phasor data concentrator (ssPDC) 131 structured to receive data from other devices of substation 110 by way of wireless or wired communication channels, verify the accuracy of the received data, eliminate and replace inaccurate data, and transmit accurate data to another device, such as a supervisory control and data acquisition system (SCADA) or a central phasor data concentrator structured to receive data from a plurality of electrical substations.
In the illustrated embodiment, substation 110 includes an electrical power line 103 structured to transmit electric power having electrical characteristics including voltage and current. Substation 110 may also include additional electrical power lines such that substation 110 receives and transmits multiphase power, each power line having distinct electrical characteristics.
Substation 110 includes a circuit breaker 105, a current transformer 107, and a voltage transformer, each operatively coupled to power line 103. Where substation 110 is structured to receive and transmit multiphase power, a circuit breaker, current transformer, and a voltage transformer may be operatively coupled to each additional power line.
Circuit breaker 105 is structured to selectively disrupt the flow of electrical current in line 103 in response to detecting a fault condition. When circuit breaker 105 is closed, electrical current can flow through power line 103. When circuit breaker 105 is open, electrical current cannot flow through power line 103. Circuit breaker 105 is configured to output the open/closed status of breaker 105.
Current transformer 107 is structured to receive power from line 103, step down the current of the received power, and output the power with the stepped down current. For example, the output of current transformer 107 may be power with a current within a range of 0 A to 5 A.
Voltage transformer 109 is structured to receive power from line 103, step down the voltage of the received power, and output the power with the stepped down voltage. For example, the output of voltage transformer 109 may be power with a voltage within a range of 0 V to 120 V.
Substation 110 includes a plurality of devices structured to receive a set of information 111 from circuit breaker 105, current transformer 107, and voltage transformer 109. Information 111 includes data corresponding to electrical characteristics of the power received and transmitted with line 103, such as current, voltage, and circuit breaker status. In the illustrated embodiment, information 111 a is data related to circuit breaker status, information 111 b is current transformer output, and information 111 c is voltage transformer output.
In the illustrated embodiment, substation 110 includes protective relay 117, a phasor measurement unit (PMU) 119, and a merging unit 121, each coupled to and structured to receive information 111 from circuit breaker 105, current transformer 107, and voltage transformer 109. In other embodiments, substation 110 includes additional or fewer devices structured to receive information 111 or portion of information 111.
System 100 includes an external synchronization unit 139 configured to communicate with substation 110 by way of a time synchronization communication channel 141. Unit 139 is structured to transmit synchronization data using channel 141. In the illustrated embodiment, unit 139 is a global positioning system. In certain embodiments, unit 139 is configured to operate according to Inter Range Instrumentation Group (IRIG) time code formats, such as one pulse per second (1PPS), or the IEEE 1588 protocol.
Using information 111, relay 117 is configured to determine whether a fault condition exists, requiring relay 117 to open in order to protect devices of substation 110. Relay operational data, such as the open/close status of relay 117, may be transmitted to ssPDC 131 by way of a relay communication channel 133. In order to synchronize the relay operational data transmitted to ssPDC 131, relay 117 receives synchronization data from synchronization unit 139. Relay 117 may transmit relay operational data using a standardized communication protocol, such as Distributed Network Protocol (DNP) or Manufacturing Message Specification (MMS). It shall be appreciated that any or all of the foregoing features of relay 117 may also be present in the other relays disclosed herein.
PMU 119 is structured to receive information 111 and generate phasor data using information 111. The phasor data represents electrical characteristics of power line 103 as phasors at a time instant. For example, phasor data may include a vector representation of voltage and current at a fundamental frequency, such as 50 Hz or 60 Hz. In order to synchronize the phasor data transmitted to ssPDC 131, PMU 119 receives synchronization data from synchronization unit 139. PMU 119 transmits the synchronized phasor data to ssPDC 131 by way of a PMU communication channel 134 using a communication protocol, such as C37.118. It shall be appreciated that any or all of the foregoing features of PMU 119 may also be present in the other PMUs disclosed herein.
PMU 119 may be one of several types of electrical substation devices that are structured to measure voltages and currents of a power grid and output time-stamped voltage and current phasors. In various forms, PMU 119 can be structured as a dedicated device or can be incorporated into a protective relay or other substation device. In certain forms, PMU 119 may be operatively coupled to receive input from a current transformer and to provide a current phasor as an output based upon the received input and/or operatively coupled to receive input from a voltage transformer and to provide a voltage phasor as an output based upon the received input. The PMU may also output phasors in phase quantities and sequence quantities. In sequence quantities, positive sequence voltage and/or current phasors are calculated using the phase voltage and current phase quantities, respectively. The PMU may also output the frequency and rate of change of frequency. Connections between the PMU 119 and the voltage transformer and/or current transformer may correspond to the number of current phases or voltage phases being measured, for example, a three-phase voltage or a three-phase current may utilize three separate electrical connections to a voltage transformer or a current transformer, respectively.
Merging unit 121 is structured to receive information 111, generate merging unit data using information 111, and output merging unit data. Merging unit data may be generated by sampling the real-time outputs of voltage transformer 109 and current transformer 107, receiving time synchronization data from synchronization unit 139, and combining the synchronization data and the sampled values, also known as sampled measured values or IEC 61850-9-2 values, into a data set. The merging unit data may be mapped to a sampled value (SV) protocol such as IEC 61850-9-2. In the illustrated embodiment, merging unit 121 transmits SV data to PMU 127 and relay 129 by way of merging unit communication channel 125. Merging unit data may also be generated by mapping received circuit breaker status information to IEC 61850-8-1 Generic Object Oriented Substation Event (GOOSE) protocol. In the illustrated embodiment, merging unit 121 transmits GOOSE data to relay 129. In certain embodiments, merging unit 121 uses the merging unit data set to generate synchrophasor data and transmits the synchrophasor data to ssPDC 131 using IEC 61850-5 communication protocol.
Merging unit 121 may be one of several types of electrical substation devices that are structured to measure voltages and currents within an electrical substation and output time-stamped voltage and current measurements, such as phasors or sampled values. Merging unit may send sampled values to multiple devices, including relays and PMUs. In certain embodiments, relays and PMUs may receive sampled values from merging unit 121 instead of receiving a signal from current transformer 107 and voltage transformer 109. In various forms, merging unit 121 can be structured as a dedicated device or can be incorporated into an intelligent electronic device or another substation device. In certain forms, merging unit 121 may be operatively coupled to receive input from a current transformer and to provide a sampled current value as an output based upon the received input and/or operatively coupled to receive input from a voltage transformer and to provide a sampled voltage value as an output based upon the received input. Connections between the merging unit 121 and the voltage transformer and/or current transformer may correspond to the number of current phases or voltage phases being measured, for example, a three-phase voltage or a three-phase current may utilized three separate electrical connections to three voltage transformers or three current transformers, respectively. Merging unit 121 may transmit synchophasors directly to ssPDC 131 or may transmit sampled values to other devices in the electrical substation for processing. Merging unit 121 can receive the GOOSE trip signal, such as a circuit breaker open/close command message from a relay, and then send the open/close trip signal to an operatively coupled circuit breaker.
PMU 127 is structured to receive SV data from merging unit 121, receive time synchronization data from synchronization unit 139, calculate phasor data using the SV data and time synchronization data, and output the phasor data to ssPDC 131 by way of communication channel 135. Relay 129 is structured to receive the SV data and GOOSE data from merging unit 121 and output relay measurements and operational data to ssPDC 131.
Using the data received from the relays, merging unit, and PMUs of substation 110, ssPDC 131 is configured to detect false data received by ssPDC 131 using local state estimation. For example, false data may be injected by a cyber intruder. As explained in more detail below, when ssPDC 131 detects false data regarding a circuit breaker status, the false data is removed and replaced with calculated circuit breaker status data. When ssPDC 131 detects false phasor data, ssPDC 131 eliminates the false data and replaces the eliminated false data with data from an uncorrupted data source. For example, if ssPDC 131 receives false phasor data from communication channel 135, the phasor data derived from the SV data is compromised, and ssPDC 131 replaces the false phasor data using PMU data. ssPDC 131 may also transmit an alarm indicating false data has been detected. The alarm may include a message transmitted to an external device such as a SCADA system. Furthermore, a blocking command may be sent to a local circuit breaker configured to control the circuit breaker so as to ignore trip commands until a technician addresses the cyberattack.
ssPDC 131 may be one of several types of electrical substation devices that are structured to collect local substation measurements and transmit the collected measurements to an external device, such as a system operator, a SCADA system, a regional coordinating council, or a centralized data concentrator. In various forms, ssPDC 131 can be structured as a dedicated device or can be incorporated into an intelligent electronic device or other substation device. In certain forms, ssPDC 131 includes a server structured to store historical phasor measurements. Before transmitting the collected substation measurements to another device, such as a centralized phasor data concentrator, ssPDC 131 may evaluate the measurements for accuracy.
While the embodiments described hereinafter may not specifically describe features analogous to the features of system 100, such features may nonetheless be employed in connection with the described systems.
With reference to FIG. 2 there is illustrated an exemplary electrical substation data collection system 200 including an electrical substation 210. Substation 210 includes an electric power line 203 coupled to a bus bar 201. Substation 210 further includes a circuit breaker 205, and current transformer 207, and a voltage transformer 209, each operatively coupled to power line 203.
Substation 210 includes a PMU 215, a merging unit 217, a relay 219, and an ssPDC 231. System 200 includes a synchronization unit 233 configured to transmit synchronization data to PMU 215, relay 219, and merging unit 217 by way of a time synchronization communication channel 235.
A set of information 211 including circuit breaker 205 status, and outputs from current transformer 207 and voltage transformer 209 are transmitted to PMU 215 and merging unit 217. PMU 215 is configured to generate synchronized phasor data and circuit breaker status data using information 211, and output the generated data to ssPDC 231 by way of PMU communication channel 227.
Merging unit 217 is configured to output SV and GOOSE data to relay 219 using merging unit communication channels 221 and 223, respectively. Merging unit 217 is also configured to generate synchrophasor data using information 211 and output synchrophasor data to ssPDC 231 by way of communication channel 225 using communication protocol IEC 61850-90-5.
Relay 219 is configured to receive SV and GOOSE data from merging unit 217. Using the received data, relay 219 determines whether a fault condition is occurring within substation 210, and transmits operation data to ssPDC 231 by way of communication channel 229. It shall be appreciated that any or all of the foregoing features of system 200 may also be present in the other electrical substation data collection systems disclosed herein.
With reference to FIG. 3 there is a block diagram illustrating an exemplary data collection system 300 such as data collection systems 100 and 200 of FIGS. 1 and 2, respectively. System 300 includes a local state estimation module 320 structured to receive a plurality of inputs 310. The plurality of inputs 310 include phasor data derived from sampled value data 311, PMU data 313, relay operational data 315, and circuit breaker status data 317.
State estimation module 320 is structured to estimate the electrical characteristics of a substation, such as substation 110 and substation 120. Module 320 outputs the estimated state to a plurality of analysis modules 330. Module 331 analyzes the output of the state estimation module, to determine whether false data was received with the ssPDC. When false data is identified, mitigation module 341 is configured to eliminate the data and replace the removed data with measurements from another substation device. Module 341 repeats the state estimation of module 320 until all the false data is successfully removed. When false data is not identified, module 333 identifies filtered measurements of module 320. Module 343 transmits the filtered measurements to external applications, such as a SCADA system or central PDC.
With reference to FIG. 4, there is illustrated an exemplary process 400 for identifying and responding to false sampled value measurements, phasor data, or circuit breaker status data received with a substation phasor data concentrator, such as ssPDC 131 of FIG. 1. The following description of process 400 is made with reference to electrical substation data collection system 100 illustrated in FIG. 1. It is to be understood, however, that process 400 may be used in combination with other forms of electrical substation data collection systems, such as those described above with reference to FIG. 2.
Process 400 begins at start operation 401 where a cyber intruder has already injected false data into data collection system 100. Process 400 proceeds to operation 403 where ssPDC 131 receives circuit breaker status data, relay operational data, and real-time phasor data calculated using phasor data from PMU 119 and phasor data from PMU 127 derived from SV data generated with merging unit 121. Process 400 proceeds to operation 405 where ssPDC 131 stores the received data. Process 400 then proceeds to operation 407 where ssPDC 131 evaluates the stored data in order to estimate circuit breaker 105 status. For example, the measured phasor values from PMU and SV data can be used to estimate circuit breaker status with the following logic statement:
If (I pmu ≠I sv)V(I pmu=0)V(I sv=0) then open
If the current phasor values from SV and PMU data are not the same, the current phasor of PMU measurement is zero, or the current phasor measurement of SV is zero, then circuit breaker 105 is estimated to be open.
Process 400 proceeds to conditional 409 where the estimated circuit breaker status is compared to the received circuit breaker status data. If ssPDC 131 detects bad data, process 400 proceeds to operation 411 where the false circuit breaker data is removed from the memory of ssPDC 131. Process 400 then proceeds to operation 407 where circuit breaker status is estimated again. Process 400 then returns to conditional 409.
If ssPDC 131 does not detect false data, process 400 proceeds to operation 415 where ssPDC 131 performs observability analysis to confirm enough data has been received with ssPDC 131 to proceed with state estimation. For example, by applying the graph theory, observability of the system can be calculated using node incidence matrix H. The network is observable if and only if h has full rank, where h is obtained from H by deleting any column. In another example, the system is observable if all the nodal voltages are either measured or can be calculated from the measured ones using a spanning tree of the power system graph. Process 400 then proceeds to operation 417 where ssPDC 131 performs local state estimation. Pseudo measurements may be calculated using local measurements. For example, a pseudo measurement for a current and voltage measurement in a neighboring substation may be calculated using local current and voltage measurements, as well as line parameter data for the line connecting the local substation to the neighboring substation. In one embodiment, all data input at operation 403 is synchronized and linear state estimation will be used to analyze the PMU and SV data. In other embodiments, nonlinear state estimation will be used to analyze the PMU and SV data.
Process 400 proceeds to operation 419 where ssPDC 131 evaluates the stored data. False data may be detected using an algorithm such as Chi-square distribution, normalized residuals, or hypothesis testing identification, to name but a few examples. Process 400 proceeds to conditional 421. If false data is detected, process 400 proceeds to operation 423 where false data is removed from memory in ssPDC and replaced with another data set. For example, false data detected in PMU data will be replaced with SV data. Process proceeds to operation 417. If false data is not detected, process 400 proceeds to operation 425 where ssPDC 121 has finished analyzing the received data and confirms all false data has been removed. The filtered data can then be transmitted to a central phasor data concentrator or another external device. Process 400 proceeds to end operation 427.
It shall be further appreciated that a number of variations and modifications to process 400 are contemplated including, for example, the omission of one or more aspects of process 400, or the addition of further conditionals and operations and/or the reorganization or separation of operations and conditionals into separate processes.
Further written description of a number of exemplary embodiments shall now be provided. One embodiment is a method for detecting and compensating for a false data injection cyber-attack on an electrical substation including a merging unit (MU), a phasor measurement unit (PMU), and a substation phasor data concentrator (ssPDC), the method comprising operating the PMU to receive input from at least one of a current transformer of the electrical substation, a voltage transformer of the electrical substation and a circuit breaker of the electrical substation and to provide a PMU measurement output based upon the received input, the PMU measurement output including one of a PMU current phasor, a PMU voltage phasor, and a PMU circuit breaker status indication; operating the MU to receive input from the at least one of the current transformer of the electrical substation, the voltage transformer of the electrical substation and the circuit breaker of the electrical substation and to provide an MU measurement output based upon the received input, the MU measurement output including one of an MU current phasor, an MU voltage phasor, and an MU circuit breaker status indication; receiving with the ssPDC a first input indicated as the PMU measurement output and a second input indicated as the MU measurement output and storing the first input and the second input in respective non-transitory memory locations; performing an electrical state estimation for the substation using the stored first input and the stored second input; determining, with the ssPDC, that one of the stored first input and the stored second input comprises false data based upon a discrepancy between the state estimation and the one of the stored first input and the second stored input; and replacing, in the memory of the ssPDC, the one of the stored first input and the stored second input which comprises false data with the other of the stored first input and the stored second input.
In certain forms of the foregoing method, the ssPDC receives the MU measurement by way of communication protocol IEC 61850-90-5. In certain forms, the electrical substation includes a circuit breaker and the set of electrical characteristics includes a circuit breaker status. In certain forms, the false data includes an inaccurate circuit breaker status and replacing the false data includes replacing the inaccurate circuit breaker status using the received PMU measurement or MU measurement. In certain forms, the method comprises transmitting, with the ssPDC, an alarm in response to determining that one of the stored first input and the stored second input comprises false data. In certain forms, state estimation includes one of Chi-square distribution, normalized residuals, and hypothesis testing identification. In certain forms, determining, with the ssPDC, that one of the stored first input and the stored second input comprises false data includes using historical MU measurements or PMU measurements.
Another exemplary embodiment is a substation phasor data concentrator (ssPDC) for an electrical substation comprising a phasor measurement unit (PMU) input structured to receive a PMU measurement from a PMU, the PMU measurement including a circuit breaker status and a phasor corresponding to a set of substation electrical characteristics; a merging unit (MU) input structured to receive an MU measurement from an MU including a phasor corresponding to the set of substation electrical characteristics; a non-transitory memory device structured to store the PMU measurement, the MU measurement, and a set of instructions; and a processing device structured to execute the set of instructions stored with the memory device configured to receive with the MU input a first measurement indicated as the MU measurement and; receive with the PMU input a second measurement indicated as the PMU measurement; estimate a circuit breaker status using the first and second measurement; determine the estimated circuit breaker status does not correspond to the circuit breaker status of the PMU measurement; replace the circuit breaker status of the PMU measurement with the estimated circuit breaker status; estimate the set of substation electrical characteristics using PMU measurement and the MU measurement, determine the first measurement or second measurement includes a false measurement which does not correspond to the set of electrical characteristics using the estimated set of substation electrical characteristics, and replace the false measurement with one of the MU measurement and the PMU measurement.
In certain forms of the foregoing ssPDC, the set of electrical characteristics include voltage and current. In certain forms, the PMU measurement and the MU measurement are time synchronized. In certain forms, the MU input receives the MU measurement by way of a phasor measurement unit structured to receive data from the merging unit, convert the data into a phasor measurement, and transmit the phasor measurement to the MU input. In certain forms, the MU input receives the MU measurement and the PMU input receives the PMU measurement by way of a wireless communication channel. In certain forms, the ssPDC comprises a protective relay input structured to receive a circuit breaker status from a protective relay. In certain forms, the processing device repeatedly estimates the set of substation electrical characteristics using the data received from the PMU input and the MU input until the processing device determines the first measurement and second measurement do not include a false measurement. In certain forms, the MU measurement is received with the ssPDC by way of an IEC 61850-90-5 communication protocol or an IEC 61850-9-2 communication protocol, and the PMU measurement is received with the ssPDC by way of a C37.118 communication protocol.
A further exemplary embodiment is a method for detecting and eliminating false data collected within an electrical substation including a first measurement unit, a second measurement unit, and a substation phasor data concentrator (ssPDC), comprising receiving, with the first measurement unit, a set of line information from a current transformer and a voltage transformer corresponding electrical characteristics of the electrical substation; generating, with the first measurement unit, a first phasor measurement using the set of line information; receiving, with the second measurement unit, the set of line information from the current transformer and the voltage transformer; generating, with the second measurement unit, a set of sampled values; converting the set of sampled values into a second phasor measurement; receiving, with the ssPDC, one of the first phasor measurement and the second phasor measurement; receiving, with the ssPDC, a set of false data which does not correspond to electrical characteristics of the electrical substation; determining, with the ssPDC, the set of false data does not correspond to the electrical characteristics of the electrical substation using local state estimation; and replacing the set of false data using the one of the first phasor measurement and the second phasor measurement received with the ssPDC.
In certain forms of the foregoing method, the set of false data and electrical characteristics include the status of a circuit breaker and determining the set of false data does not correspond to electrical characteristics of the electrical substation using local state estimation includes estimating the status of the circuit breaker and comparing the estimated status with the set of false data. In certain forms, the set of sampled values are IEC 61850-9-2 sampled values. In certain forms, the sampled values are transmitted to one of a protective relay and a phasor measurement unit, converted to the second phasor measurement, and transmitted to the ssPDC. In certain forms, the second phasor measurement is transmitted to the ssPDC by way of an C37.118 communication protocol, a manufacturing message specification communication protocol, or a distributed network protocol.
It is contemplated that the various aspects, features, processes, and operations from the various embodiments may be used in any of the other embodiments unless expressly stated to the contrary. Certain operations illustrated may be implemented by a computer executing a computer program product on a non-transient computer readable storage medium, where the computer program product includes instructions causing the computer to execute one or more of the operations, or to issue commands to other devices to execute one or more operations.
While the present disclosure has been illustrated and described in detail in the drawings and foregoing description, the same is to be considered as illustrative and not restrictive in character, it being understood that only certain exemplary embodiments have been shown and described and that all changes and modifications that come within the spirit of the present disclosure are desired to be protected. It should be understood that while the use of words such as preferable, preferably, preferred or more preferred utilized in the description above indicate that the feature so described may be more desirable, it nonetheless may not be necessary and embodiments lacking the same may be contemplated as within the scope of the present disclosure, the scope being defined by the claims that follow. In reading the claims, it is intended that when words such as “a,” “an,” “at least one,” or “at least one portion” are used there is no intention to limit the claim to only one item unless specifically stated to the contrary in the claim. The term “of” may connote an association with or a connection to another item as well as a belonging to or a connection with the other item as informed by the context in which it is used. The terms “coupled to,” “coupled with” and the like include indirect connection and coupling and further include but do not require a direct coupling or connection unless expressly indicated to the contrary. When the language “at least a portion” and/or “a portion” is used the item can include a portion and/or the entire item unless specifically stated to the contrary.

Claims (20)

What is claimed is:
1. A method for detecting and compensating for a false data injection cyber-attack on an electrical substation including a merging unit (MU), a phasor measurement unit (PMU), and a substation phasor data concentrator (ssPDC), the method comprising:
operating the PMU to receive input from at least one of a current transformer of the electrical substation, a voltage transformer of the electrical substation and a circuit breaker of the electrical substation and to provide a PMU measurement output based upon the received input, the PMU measurement output including one of a PMU current phasor, a PMU voltage phasor, and a PMU circuit breaker status indication;
operating the MU to receive input from the at least one of the current transformer of the electrical substation, the voltage transformer of the electrical substation and the circuit breaker of the electrical substation and to provide an MU measurement output based upon the received input, the MU measurement output including one of an MU current phasor, an MU voltage phasor, and an MU circuit breaker status indication;
receiving with the ssPDC a first input indicated as the PMU measurement output and a second input indicated as the MU measurement output and storing the first input and the second input in respective non-transitory memory locations;
performing an electrical state estimation for the substation using the stored first input and the stored second input;
determining, with the ssPDC, that one of the stored first input and the stored second input comprises false data based upon a discrepancy between the state estimation and the one of the stored first input and the second stored input; and
replacing, in the memory of the ssPDC, the one of the stored first input and the stored second input which comprises false data with the other of the stored first input and the stored second input.
2. The method of claim 1 wherein the ssPDC receives the MU measurement by way of communication protocol IEC 61850-90-5.
3. The method of claim 1 wherein the electrical substation includes a circuit breaker and the set of electrical characteristics includes a circuit breaker status.
4. The method of claim 3 wherein the false data includes an inaccurate circuit breaker status and replacing the false data includes replacing the inaccurate circuit breaker status using the received PMU measurement or MU measurement.
5. The method of claim 1 comprising transmitting, with the ssPDC, an alarm in response to determining that one of the stored first input and the stored second input comprises false data.
6. The method of claim 1 wherein state estimation includes one of Chi-square distribution, normalized residuals, and hypothesis testing identification.
7. The method of claim 1 wherein determining, with the ssPDC, that one of the stored first input and the stored second input comprises false data includes using historical MU measurements or PMU measurements.
8. A substation phasor data concentrator (ssPDC) for an electrical substation comprising:
a phasor measurement unit (PMU) input structured to receive a PMU measurement from a PMU, the PMU measurement including a circuit breaker status and a phasor corresponding to a set of sub station electrical characteristics;
a merging unit (MU) input structured to receive an MU measurement from an MU including a phasor corresponding to the set of substation electrical characteristics;
a non-transitory memory device structured to store the PMU measurement, the MU measurement, and a set of instructions; and
a processing device structured to execute the set of instructions stored with the memory device configured to:
receive with the MU input a first measurement indicated as the MU measurement and;
receive with the PMU input a second measurement indicated as the PMU measurement;
estimate a circuit breaker status using the first and second measurement;
determine the estimated circuit breaker status does not correspond to the circuit breaker status of the PMU measurement;
replace the circuit breaker status of the PMU measurement with the estimated circuit breaker status;
estimate the set of substation electrical characteristics using PMU measurement and the MU measurement,
determine the first measurement or second measurement includes a false measurement which does not correspond to the set of electrical characteristics using the estimated set of sub station electrical characteristics, and
replace the false measurement with one of the MU measurement and the PMU measurement.
9. The ssPDC of claim 8 wherein the set of electrical characteristics include voltage and current.
10. The ssPDC of claim 8 wherein the PMU measurement and the MU measurement are time synchronized.
11. The ssPDC of claim 8 wherein the MU input receives the MU measurement by way of a phasor measurement unit structured to receive data from the merging unit, convert the data into a phasor measurement, and transmit the phasor measurement to the MU input.
12. The ssPDC of claim 8 wherein the MU input receives the MU measurement and the PMU input receives the PMU measurement by way of a wireless communication channel.
13. The ssPDC of claim 8 wherein the ssPDC comprises a protective relay input structured to receive a circuit breaker status from a protective relay.
14. The ssPDC of claim 8 wherein the processing device repeatedly estimates the set of substation electrical characteristics using the data received from the PMU input and the MU input until the processing device determines the first measurement and second measurement do not include a false measurement.
15. The ssPDC of claim 8 wherein the MU measurement is received with the ssPDC by way of an IEC 61850-90-5 communication protocol or an IEC 61850-9-2 communication protocol, and the PMU measurement is received with the ssPDC by way of a C37.118 communication protocol.
16. A method for detecting and eliminating false data collected within an electrical substation including a first measurement unit, a second measurement unit, and a substation phasor data concentrator (ssPDC), comprising:
receiving, with the first measurement unit, a set of line information from a current transformer and a voltage transformer corresponding electrical characteristics of the electrical sub station;
generating, with the first measurement unit, a first phasor measurement using the set of line information;
receiving, with the second measurement unit, the set of line information from the current transformer and the voltage transformer;
generating, with the second measurement unit, a set of sampled values;
converting the set of sampled values into a second phasor measurement;
receiving, with the ssPDC, one of the first phasor measurement and the second phasor measurement;
receiving, with the ssPDC, a set of false data which does not correspond to electrical characteristics of the electrical substation;
determining, with the ssPDC, the set of false data does not correspond to the electrical characteristics of the electrical substation using local state estimation; and
replacing the set of false data using the one of the first phasor measurement and the second phasor measurement received with the ssPDC.
17. The method of claim 16 wherein the set of false data and electrical characteristics include the status of a circuit breaker and determining the set of false data does not correspond to electrical characteristics of the electrical substation using local state estimation includes estimating the status of the circuit breaker and comparing the estimated status with the set of false data.
18. The method of claim 16 wherein the set of sampled values are IEC 61850-9-2 sampled values.
19. The method of claim 18 wherein the sampled values are transmitted to one of a protective relay and a phasor measurement unit, converted to the second phasor measurement, and transmitted to the ssPDC.
20. The method of claim 19 wherein the second phasor measurement is transmitted to the ssPDC by way of an C37.118 communication protocol, a manufacturing message specification communication protocol, or a distributed network protocol.
US15/386,339 2016-12-21 2016-12-21 System and method for detecting false data injection in electrical substations Active 2037-09-08 US10305932B2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US15/386,339 US10305932B2 (en) 2016-12-21 2016-12-21 System and method for detecting false data injection in electrical substations
EP17883049.3A EP3559776B1 (en) 2016-12-21 2017-12-21 System and method for detecting false data injection in electrical substations
PCT/US2017/067950 WO2018119265A1 (en) 2016-12-21 2017-12-21 System and method for detecting false data injection in electrical substations
CN201780087008.8A CN110337626B (en) 2016-12-21 2017-12-21 System and method for detecting erroneous data injection in a substation
EP22166965.8A EP4047444B1 (en) 2016-12-21 2017-12-21 System and method for detecting false data injection in electrical substations

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15/386,339 US10305932B2 (en) 2016-12-21 2016-12-21 System and method for detecting false data injection in electrical substations

Publications (2)

Publication Number Publication Date
US20180176249A1 US20180176249A1 (en) 2018-06-21
US10305932B2 true US10305932B2 (en) 2019-05-28

Family

ID=62562117

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/386,339 Active 2037-09-08 US10305932B2 (en) 2016-12-21 2016-12-21 System and method for detecting false data injection in electrical substations

Country Status (4)

Country Link
US (1) US10305932B2 (en)
EP (2) EP4047444B1 (en)
CN (1) CN110337626B (en)
WO (1) WO2018119265A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111404915A (en) * 2020-03-11 2020-07-10 湖南大学 Power grid information physical security risk detection method based on three-layer model

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109165504B (en) * 2018-08-27 2021-05-07 广西大学 Power system false data attack identification method based on anti-generation network
AU2019352596B2 (en) * 2018-10-01 2022-06-09 Abb Schweiz Ag Decentralized false data mitigation for nested microgrids
US11206287B2 (en) * 2019-01-29 2021-12-21 Battelle Memorial Institute Evaluating cyber-risk in synchrophasor systems
CN109873833B (en) * 2019-03-11 2021-08-03 浙江工业大学 Data injection attack detection method based on chi-square distance KNN
CN110086803A (en) * 2019-04-25 2019-08-02 江苏省电力试验研究院有限公司 A kind of simulation attack synchronous phasor measuring device clock synchronization signal creating method and device
CN110035090B (en) * 2019-05-10 2020-09-15 燕山大学 False data injection attack detection method for smart grid
US11657148B2 (en) 2019-05-10 2023-05-23 General Electric Company Event analysis in an electric power system
CN110336821B (en) * 2019-07-09 2021-09-10 长沙理工大学 Method and device for detecting false data through collaborative voting
US20230028886A1 (en) * 2019-11-20 2023-01-26 University Of Tennessee Research Foundation Methods of detecting anomalous operation of industrial systems and respective control systems, and related systems and articles of manufacture
CN110752622B (en) * 2019-12-12 2023-12-05 燕山大学 Affine state estimation method for power distribution network
CN110830514B (en) * 2019-12-12 2021-06-22 四川大学 Detection method for collusion-based false data injection attack of smart power grid
CN110995761B (en) * 2019-12-19 2021-07-13 长沙理工大学 Method and device for detecting false data injection attack and readable storage medium
CN111031064A (en) * 2019-12-25 2020-04-17 国网浙江省电力有限公司杭州供电公司 Method for detecting power grid false data injection attack
CN112565180B (en) * 2020-10-27 2021-12-28 西安交通大学 Power grid defense method, system, equipment and medium based on moving target defense
US20230050490A1 (en) * 2021-08-04 2023-02-16 Abb Schweiz Ag Systems and Methods for Malicious Attack Detection in Phasor Measurement Unit Data
CN114172262A (en) * 2021-09-10 2022-03-11 国网上海市电力公司 Intelligent substation sampling data quality comprehensive evaluation method and system
CN114336674B (en) * 2021-12-09 2023-10-20 北京交通大学 Distributed toughness frequency control method for alternating-current micro-grid
CN114666153B (en) * 2022-04-08 2022-11-18 东南大学溧阳研究院 False data injection attack detection method and system based on state estimation residual distribution description

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010021896A1 (en) 2000-03-10 2001-09-13 Joachim Bertsch Method and device for assessing the stability of an electric power transmission network
US20110288692A1 (en) * 2010-05-20 2011-11-24 Accenture Global Services Gmbh Malicious attack detection and analysis
US8405944B2 (en) * 2007-10-09 2013-03-26 Schweitzer Engineering Laboratories Inc Distributed bus differential protection using time-stamped data
US20130304266A1 (en) 2012-04-13 2013-11-14 Regents Of The University Of Minnesota State estimation of electrical power networks using semidefinite relaxation
US20140074415A1 (en) 2011-03-24 2014-03-13 Alstom Technology Ltd. Merging unit and method of operating a merging unit
WO2016066218A1 (en) 2014-10-31 2016-05-06 Siemens Aktiengesellschaft Method for state estimation of a distribution network based on real time measurement values
US20160315774A1 (en) 2013-12-13 2016-10-27 University Of North Dakota Smart grid secure communications method and apparatus

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101431230B (en) * 2008-12-17 2010-12-01 中国南方电网有限责任公司 Transforming plant integrated protection system based on IEC61850
CN101621216B (en) * 2009-08-18 2011-02-16 湖北省电力公司 Data sharing type area protection system based on IEC 61850
WO2011032579A1 (en) * 2009-09-15 2011-03-24 Siemens Aktiengesellschaft Monitoring of an electrical energy supply network
CN201569691U (en) * 2009-09-28 2010-09-01 深圳市双合电脑系统股份有限公司 Electric power quality monitoring and synchronous phasor monitoring device of power system
CN102135570B (en) * 2011-02-25 2013-05-01 上海思源弘瑞自动化有限公司 Synchronous phasor measuring method and device for intelligent transformer substation
US20120266209A1 (en) * 2012-06-11 2012-10-18 David Jeffrey Gooding Method of Secure Electric Power Grid Operations Using Common Cyber Security Services
CN104638762B (en) * 2015-01-19 2017-04-26 浙江工商大学 Method and system for detecting illegal data implantation internal attack in smart power grid
CN105467204B (en) * 2015-12-03 2018-07-17 西安交通大学 The detection method of user's actual power consumption amount based on false data identification in intelligent grid
CN105375484A (en) * 2015-12-22 2016-03-02 华北电力大学 PMU-based electric power system distributed dynamic-state estimation method
CN105791280B (en) * 2016-02-29 2019-05-03 西安交通大学 A method of electric system DC state estimated median is resisted according to complete sexual assault
CN106788816B (en) * 2016-11-30 2020-11-13 全球能源互联网研究院有限公司 Channel state detection method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010021896A1 (en) 2000-03-10 2001-09-13 Joachim Bertsch Method and device for assessing the stability of an electric power transmission network
US8405944B2 (en) * 2007-10-09 2013-03-26 Schweitzer Engineering Laboratories Inc Distributed bus differential protection using time-stamped data
US20110288692A1 (en) * 2010-05-20 2011-11-24 Accenture Global Services Gmbh Malicious attack detection and analysis
US20140074415A1 (en) 2011-03-24 2014-03-13 Alstom Technology Ltd. Merging unit and method of operating a merging unit
US20130304266A1 (en) 2012-04-13 2013-11-14 Regents Of The University Of Minnesota State estimation of electrical power networks using semidefinite relaxation
US20160315774A1 (en) 2013-12-13 2016-10-27 University Of North Dakota Smart grid secure communications method and apparatus
WO2016066218A1 (en) 2014-10-31 2016-05-06 Siemens Aktiengesellschaft Method for state estimation of a distribution network based on real time measurement values

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Abur, Ali, Role of Synchronized Measurement in Operation of Smart Grids, ; Northeastern University; Boston, Massachusetts; CISE Seminar, Nov. 12, 2010, pp. 1-64.
Meliopoulos A.P. Sakis, "Distributed Dynamic State Estimator Enables Seamless DSA", ; Georgia Power Distinguished Professor School of Electrical and Computer Engineering; 2014, Georgia Institute of Technology; Altanta GA USA, Jul. 27, 2014, pp. 1-5.
Search Report and Written Opinion, PCT Appln. No. PCT/US17/67950, dated Feb. 20, 2018, 14 pgs.

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111404915A (en) * 2020-03-11 2020-07-10 湖南大学 Power grid information physical security risk detection method based on three-layer model
CN111404915B (en) * 2020-03-11 2021-06-25 湖南大学 Power grid information physical security risk detection method based on three-layer model

Also Published As

Publication number Publication date
CN110337626A (en) 2019-10-15
EP3559776A4 (en) 2020-08-19
EP3559776B1 (en) 2023-09-06
CN110337626B (en) 2021-03-19
US20180176249A1 (en) 2018-06-21
EP3559776A1 (en) 2019-10-30
WO2018119265A1 (en) 2018-06-28
EP4047444A1 (en) 2022-08-24
EP4047444B1 (en) 2024-08-28

Similar Documents

Publication Publication Date Title
US10305932B2 (en) System and method for detecting false data injection in electrical substations
US10132853B2 (en) Wide area fault detection method using PMU data
US9874593B2 (en) Decision support system for outage management and automated crew dispatch
CN109564257A (en) The fault detection and protection carried out during stable state using traveling wave
Alcaide-Moreno et al. Electric power network state tracking from multirate measurements
US20240168075A1 (en) Method for identifying and localizing faults in a medium and low voltage electric power distribution grid using measurements from low voltage parts of the grid
CN109283407B (en) Voltage loop monitoring system based on total station data contrastive analysis
US9621569B1 (en) Method and apparatus for detecting cyber attacks on an alternating current power grid
EP3020119B1 (en) Method of determining a condition of an electrical power network and apparatus therefor
Janssen et al. Monitoring, protection and fault location in power distribution networks using system-wide measurements
CN203811747U (en) A small current grounding line selection system
Baldwin et al. Fault locating in distribution networks with the aid of advanced metering infrastructure
Tutvedt et al. Smart fault handling in medium voltage distribution grids
KR101309400B1 (en) Merging unit with frequency protection function
Chen et al. On-line islanding detection application in the realtime dynamics monitoring system
KR102011330B1 (en) Apparatus and method of measuring data in high voltage direct current system
Srivastava et al. Transmission line protection using dynamic state estimation and advanced sensors: Experimental validation
Kezunovic et al. Merging PMU, operational, and non-operational data for interpreting alarms, locating faults and preventing cascades
Yeung et al. Exploring the application of phasor measurement units in the distribution network
AU2019352596B2 (en) Decentralized false data mitigation for nested microgrids
Khairalla et al. Fault location based on smart meters time synchronized measurements
US12149070B2 (en) Decentralized false data mitigation for nested microgrids
Mansour et al. Transmission Line Protection Using Dynamic State Estimation and Advanced Sensors: Experimental Validation
Abur et al. 4 Estimating the System State and Network Model Errors
CN105759169A (en) Fault diagnosis method based on WAMS time section information and topological information

Legal Events

Date Code Title Description
AS Assignment

Owner name: ABB INC., NORTH CAROLINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HONG, JUNHO;NUQUI, REYNALDO;REEL/FRAME:041116/0281

Effective date: 20161220

AS Assignment

Owner name: UNITED STATES DEPARTMENT OF ENERGY, DISTRICT OF CO

Free format text: CONFIRMATORY LICENSE;ASSIGNOR:ABB, INC.;REEL/FRAME:043713/0600

Effective date: 20170320

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: ABB POWER GRIDS SWITZERLAND AG, SWITZERLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ABB INC.;REEL/FRAME:055594/0148

Effective date: 20201202

AS Assignment

Owner name: HITACHI ENERGY SWITZERLAND AG, SWITZERLAND

Free format text: CHANGE OF NAME;ASSIGNOR:ABB POWER GRIDS SWITZERLAND AG;REEL/FRAME:058666/0540

Effective date: 20211006

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: HITACHI ENERGY LTD, SWITZERLAND

Free format text: MERGER;ASSIGNOR:HITACHI ENERGY SWITZERLAND AG;REEL/FRAME:065549/0576

Effective date: 20231002